[wp-hackers] Plugin update & security / privacy

Jamie Holly hovercrafter at earthlink.net
Mon Sep 24 20:08:01 GMT 2007

This has taken an interesting turn. There is not just a legal question, but
also an ethical one. 

I would much rather bet on the fact that no one here can say with absolute
certainty that sending the URL is or isn't legal, than staking a position of
saying it is or isn't. Think Microsoft. They have tons of attorneys that sit
there and think "well this is legal", and we know how that has ended up for
them in numerous anti-trust cases. Assuming certainty in the law is asking
for trouble.

There is an ethical side to this. Most people won't know this is sending the
URL. If they happen to find out down the road, then they are going to wonder
what else is being sent (should average Joe user have to learn PHP and dig
through source code to figure this out?). In 30+ years of software
development, I have always practiced full disclosure. Every company I have
worked for also engages the same policy where user identifying data
collection is involved. 

Now being self employed and having 11 clients that I take care of Wordpress
installation for (and at the advice of my attorney), I have sent out emails
alerting them of this collection of information. Not saying that it will
turn into a legal battle down the road, but it is better to err on the side
of caution (Three already have said they don't care. Four have said they
don't want to upgrade - including two that have asked me about other
platforms. Still waiting to hear from the other four, but I won't upgrade
them until I hear from them).

Having said that, I still strongly believe this information must be
disclosed in installs/upgrades. Does anyone seriously believe that a person
will stop installing Wordpress (after creating a DB, uploading files, etc)
just because they have to check a box saying "I agree to allow Wordpress.org
to collect statistics about my installation" (In better verbiage of course)?
If that is the case, then Wordpress is seriously hurting in the
user-friendly aspect. 

Jamie Holly

>-----Original Message-----
>From: wp-hackers-bounces at lists.automattic.com [mailto:wp-hackers-
>bounces at lists.automattic.com] On Behalf Of Otto
>Sent: Monday, September 24, 2007 3:44 PM
>To: wp-hackers at lists.automattic.com
>Subject: Re: [wp-hackers] Plugin update & security / privacy
>On 9/24/07, Andy Staines <andy at yellowswordfish.com> wrote:
>> I'd be surprised it it's legal in the USA.
>IANAL, but I assure you, it's legal here.
>For that matter, it's most likely legal there too. It's not personal
>information in any meaningful sense of the term. It's publicly
>available information, anybody looking at your blog can see it in
>their address bar.
>You might have a case with "the plugins you're running", but not with
>the blog URI.
>wp-hackers mailing list
>wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list